Government must fix 'dysfunctional' policy on cybersecurity

MPs have said the 'chaotic' response to data breaches is undermining national security

Westminster

Government policy for responding to data breaches is "inconsistent and dysfunctional" and is undermining confidence in the nations ability to defend against cyber attacks, according to MPs.

Despite the increasing frequency of cyber attacks against UK businesses, there appears to have been no attempt to coordinate the "alphabet soup" of government security agencies, according to a report by the Commons Public Accounts Committee.

The report argues that a shortage of digital skills and the government's "chaotic" handling of data breaches are putting the nation at risk.

"Government has a vital role to play in cybersecurity across society but it needs to raise its game," said Committee chair and Labour MP Meg Hillier."Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The threat of cybercrime is ever-growing yet evidence shows Britain ranks below Brazil, South Africa and China in keeping phones and laptops secure. In this context it should concern us all that the government is struggling to ensure its security profession has the skills it needs," added Hillier.

The UK has seen a rise in cybercrime over the past few years, with significant attacks against Tesco bank, Northern Lincolnshire and Goole NHS Trust, and Sage.

In November a 17-year-old teenageradmitted to the hack of telecoms company TalkTalk in 2015, in which 157,000 users had their data leaked online.

Inconsistent and dysfunctional

The report claims that government has "little oversight of the costs and performance of government information assurance projects and processes for recording departmental personal data breaches are inconsistent and dysfunctional".

The Cabinet Office consistently fails to analyse government security performance on a routine basis, and that self-reporting processes "vary widely". Guidance for what should be recorded is insufficient and many departments fail to report lower level data breaches, including the delivery of letters containing sensitive information to the wrong address.

Advertisement - Article continues below

Without a "consistent approach" to security breaches, the government is unable to make informed decisions about where to direct and prioritise its attention".

"The Public Accounts Committee report highlights the long overdue rationalisation of cybersecurity roles and functions across Government," said David Ferbrache, technical director at KPMG cyber security. "There can be a natural tendency for governments to cloak discussions around security in secrecy but when it comes to cybersecurity, the best response is a community response that involves industry. The NCSC must be agile, flexible and unconventional - and it can only achieve that by drawing on talent from the community as a whole."

The report calls for the government to develop a new strategy for the new National Cyber Security Centre by the end of the financial year. This should include "who it will support, what assistance it will provide and how it will communicate with organisations needing assistance."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020